Sasser Worm – How quickly did AV companies respond?

Not all antivirus companies respond to new threads, and put out new definitions with equal alacrity. With a network worm like Sasser, it isn’t quite as important to have the new definition quickly because you aren’t preventing exploitation. Rather you are helping clean up after the fact, and if you are incredibly fortunate, preventing future infection.
A German site, took note of the virus definition release times for several prominent antivirus firms.
This link may work otherwise the content is below. (translated from German) http://babelfish.altavista.com/babelfish/trurl_pagecontent?lp=de_en&url=http%3a%2f%2fwww.pcwelt.de%2fnews%2fviren_bugs%2f39734%2findex.html
Note, I’ve used babelfish to translate from German to English, so this may sound like engrish.
Win32/Sasser.A: So fast the AV manufacturers reacted
Most anti-virus manufacturers reacted quite fast to the new threat. Only the Ikarus virus utilities could recognize the Win32/Sasser-Worm by heuristic also without updates. The response times of the other offerers find you in the table (all data in Central European summer time).
RAV 2004-05-01 – 07:35
Dr. Web 2004-05-01 – 07:45
F-Prot 2004-05-01 – 08:00
Bitdefender 2004-05-01 – 08:30
F-Secure 2004-05-01 – 08:35
Sophos 2004-05-01 – 08:55
AntiVir 2004-05-01 – 09:35
Avast 2004-05-01 – 09:45
Norman 2004-05-01 – 11:15
Trend Micro 2004-05-01 – 11:25
Panda 2004-05-01 – 11:55
Quickheal 2004-05-01 – 12:05
Symantec 2004-05-01 – 12:05
AVG 2004-05-01 – 13:15
InoculateIT VET 2004-05-01 – 13:35
ClamAV 2004-05-01 – 15:05
InoculateIT CA 2004-05-01 – 15:05
COMMAND 2004-05-01 – 17:05
Virusbuster 2004-05-01 – 17:10
Fortinet 2004-05-01 – 17:45
McAfee 2004-05-01 – 18:45
Kaspersky 2004-05-01 – 19:10
Esafe 2004-05-01 – 19:55
McAfee (BETA) 2004-05-01 – 05:20
Symantec (BETA) 2004-05-01 – 06:35
F-Secure (BETA) 2004-05-01 – 08:15
Trend Micro (BETA) 2004-05-01 – 11:25
Panda (BETA) 2004-05-01 – 11:35
What I see from these numbers is that McAfee and Symantec beat everyone if you include what they call beta defs. I suspect that the smaller companies put out defs, to get them out the door and the later released further updates to get it right. Symantec and McAfee dont have that luxury. They need their update to work across multiple platforms/products and be right the first time (although they often miss that goal).